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ABSTRACT 

Cloud users can remotely store their data and access the on- 
demand quality applications and services from a shared pool 
of computing resources. Cloud computing provides an 
economical and efficient solution for sharing group resource 
among cloud users. It is one of the common places for data 
storage and shared across multiple users. With our proposed 
mechanism the identity of the signer is kept private from third 
party auditor who is still able to publicly verify the integrity of 
shared data without retrieving the entire file while preserving 
data and identity by using HLA scheme in the cloud. 

Keywords — Cloud Server .Third Party Auditor, 

Homomorphic Linear Authenticator. 

1. INTRODUCTION 

Cloud service providers manage an enterprise-class 
infrastructure that offers a scalable, secure and reliable 
environment for users, at a much lower marginal cost due to 
the sharing nature of resources. The major mis conceptions of 
using cloud security is still absolutely an issue. In fact, it’s a 
growing issue. Arbor Networks 9th annual Worldwide 
Infrastructure Security Report illustrates this point very clearly 
with the largest reported DDoS attack in 2013 clocking in at 
309 Gbps. As cloud computing becomes more popular, 
it will become the target of more malicious attacks. No single 
environment is safe and every infrastructure must be 
controlled with set policies in place. Heart bleed is a perfect 
example where a number of massive cloud organizations can 
be impacted by standardized security structure Dealing with 
data loss. Allowing users to get into the cloud is one thing. 
Accessing applications through a cloud model is a powerful 
way to allow end-users to work remotely. However, what 
happens when users start uploading files to the cloud? 
Healthcare is a great example where data loss can be 


extremely costly. A recent report from the Health Information 
Trust Alliance (HITRUST) really paints the picture around the 
ramifications of a data breach. Over the recent years, the 
numbers around healthcare data breaches can be quit sobering. 
Many organizations often times don’t have a Data Loss 
Prevention (DLP) system plan in place. This means that a 
user, even non-maliciously, might post some information or 
upload a file which can contain sensitive information. It is 
routine for users to use cloud storage services to share data 
with others in a team, as data sharing becomes a standard 
feature in most cloud storage offerings. The integrity of data in 
cloud storage, however, is subject to uncertainty and 
inspection, as data stored in un-trusted cloud can easily be lost 
or corrupted, due to hardware failures and human errors [1]. 
To protect the integrity of cloud data, it is best to perform 
public auditing by introducing a third party auditor (TP A), 
who offers its auditing service with more powerful 
computation and communication abilities than regular users. 
The first provable data possession (PDP) mechanism [2] to 
perform public auditing is designed to check the correctness of 
data stored in un-trusted server, without retrieving the entire 
data. Moving a step forward, Wang et al. [3] is designed to 
construct a public auditing mechanism for cloud data, so that 
during public auditing, the content of private data belonging to 
a personal user is not disclosed to the third party auditor. We 
believe that sharing data among multiple users is perhaps one 
of the most engaging features that motivate cloud storage. A 
unique problem introduced during the process of public 
auditing for shared data in the cloud is how to preserve 
privacy from the TPA, because the identities of signers on 
shared data may indicate that a particular user in the group or 
a special block in shared data is a higher valuable target than 
others besides this problem . Several security systems for data 
sharing on un trusted servers have been proposed[4],[5],[6].in 
these approaches .data owners store the encrypted data files in 


47 


P.Ravinder Rao et al., International Journal of Advances in Computer Science and Technology, 5(4), April 2016, 47- 5 1 


un trusted storage and distributed the corresponding 
decryption keys only to authorized users. Thus unauthorized 
users as well as storage servers cannot learn the content of the 
data files because they do not have the knowledge of 
decryption keys. 

The main contributions of this paper include: 

1 . We provide secure and privacy-preserving access control to 
users, which guarantees any member in a group to 
anonymously utilize the cloud resource. 

2. We suggested a model of Third party public auditing 
protocol for privacy preserving. 

2. RELATED WORK 

In [5], files stored on the un-trusted server include two parts: 
file metadata and file data. The file metadata implies the 
access control information including a series of encrypted key 
blocks, each of which is encrypted under the public key of 
authorized users. Thus, the size of the file metadata is 
proportional to the number of authorized users. The user 
revocation in the scheme is an intractable issue especially for 
large-scale sharing, since the file metadata needs to be 
updated. In their extension version, the NNL construction [9] 
is used for efficient key revocation. However, when a new 
user joins the group, the private key of each user in an NNL 
system needs to be recomputed, which may limit the 
application for dynamic groups. Another concern is that the 
computation overhead of encryption linearly increases with 
the sharing scale. 

Ateniese et al. [6] leveraged proxy re encryptions to secure 
distributed storage. Specifically, the data owner encrypts 
blocks of content with unique and symmetric content keys, 
which are further encrypted under a master public key. For 
access control, the server uses proxy cryptography to directly 
re encrypt the appropriate content key(s) from the master 
public key to a granted user’s public key. Unfortunately, a 
collusion attack between the un-trusted server and any 
revoked malicious user can be launched, which enables them 
to learn the decryption keys of all the encrypted blocks. 

Yu et al [7] presented a scalable and fine-grained data access 
control scheme in cloud computing based on the KPABE 
technique. The data owner uses a random key to encrypt a file, 
where the random key is further encrypted with a set of 
attributes using KP-ABE. Then, the group manager assigns an 
access structure and the corresponding secret key to 
authorized users, such that a user can only decrypt a cipher 
text if and only if the data file attributes satisfy the access 
structure. To achieve user revocation, the manager delegate’s 
tasks of data file re encryption and user secret key update to 
cloud servers. However, the single owner manner may hinder 
the implementation of applications with the scenario, where 
any member in a group should be allowed to store and share 
data files with others. Lu et al. [8] proposed a secure 
provenance scheme, which is built upon group signatures and 
cipher text-policy attribute-based encryption techniques. 
Particularly, the system in their scheme is set with a single 
attribute. Each user obtains two keys after the registration: a 
group signature key and an attribute key. Thus, any user is 


able to encrypt a data file using attribute-based encryption and 
others in the group can decrypt the encrypted data using their 
attribute keys. Meanwhile, the user signs encrypted data with 
her group signature key for privacy preserving and 
traceability. However, user revocation is not supported in their 
scheme. 

3. PRELIMINARIES 

3.1 Bi-linear Maps 

Let G1 and G2 be an additive cyclic group and a 
multiplicative cyclic group of the same prime order q, 
respectively [10]. 

Let e: G1 X G1 -> G2 denote a bilinear map constructed with 
the following properties: 

1. Bilinear: For all a, b £ Z q ‘ and P, Q £ Gl, e(aP, 
bQ)=e(P,Q) ab . 

2. Non degenerate: 3P such that e(P,P)?d. 

3. Computable: There is an efficient algorithm to compute 
e(P,Q) for any P,Q EG1. 

3.2 Complexity Assumptions 

Definition 1: q-strong Diffie-Hellman (q-SDH) Assumption 

[ 10 ] 

Definition 2: Decision linear (DL) Assumption [10] 

Definition 3: Weak Bilinear Diffie-Hellman Exponent 
(WBDHE) Assumption [11]. 

Definition 4: ((t,n)-general Diffie-Hellman Exponent (GDHE) 
Assumption [12]). 

3.3 MAC-based Solution 

Use of MAC to authenticate the data is a trivial way to 
upload the data blocks with their MACs to the server, and 
sends the corresponding secret key sk to the TPA. Later, the 
TPA can randomly retrieve blocks with their MACs and check 
the correctness via sk. Apart from the high (linear in the 
sampled data size) communication and computation 
complexities, the TPA requires the knowledge of the data 
blocks for verification. To circumvent the requirement of the 
data in TPA verification, one may restrict the verification to 
just consist of equality checking. The idea is as follows. 
Before data outsourcing, the cloud user chooses s random 
message authentication code keys {skr }/< rSSj pre-computes s 
(deterministic) MACs, {MACsh (F)h < rSs for the whole data file 
F, and publishes these verification metadata (the keys and the 
MACs) to TPA. The TPA can reveal a secret key sk T to the 
cloud server and ask for a fresh keyed MAC for comparison in 
each audit. This is privacy preserving as long as it is 
impossible to recover F in full given MAC s k t (F) and sk t . 
However, it suffers from the following severe drawbacks: 

1 ) The number of times a particular data file can be audited is 
limited by the number of secret keys that must be fixed a 
priori. Once all possible secret keys are exhausted, the user 
then has to retrieve data in full to re-compute and re-publish 
new MACs to TPA. 
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2) The TPA also has to maintain and update state between 
audits, i.e., keep track on the revealed MAC keys. Considering 
the potentially large number of audit delegations from 
multiple users, maintaining such states for TPA can be 
difficult and error prone. 

3) It can only support static data, and cannot efficiently deal 
with dynamic data at all. However, supporting data dynamics 
is also of critical importance for cloud storage systems. For the 
reason of brevity and clarity 

4. SYSTEM MODEL 


As illustrated in the figure this paper involves three parties: 
the cloud server. User and Public Verifier. 



Figure. 1. public Audit process in cloud for storage correctness [14] 

The cloud is operated by CSP’s and provide huge storage 
services however cloud is not fully trusted by users since 
CSP’s are very likely to be outside of cloud users trusted 
domain. The group manager is responsible for user 
registration, user revocation. 

The group members are set of registered users that will store 
their private data into the cloud server and share them with 
others in the group. 

The Third party auditor (TPA) is responsible for auditing the 
stored data to check its integrity, in this user wishes to check 
the integrity of shared data, he will send an auditing request to 
the TPA, after receiving the request, TPA generated the 
auditing message, to the clouds server and retrieves an 
auditing proof of shared data from the cloud server, then the 
TPA verifies the auditing proof, finally the TPA sends an 
auditing report to the user based on the result of the 
verification. 

5. THE PROPOSED METHOD 
5.1. Overview 

To implement the effective public auditing in the cloud rather 
than MAC based solution as a better option HLA scheme can 
be used for effective check of storage correctness of data in 
the cloud ,we expect this technique allows data users can 
verify the storage correctness. 


5.2 HLA-based Solution: 

To effectively support public auditability without having to 
retrieve the data blocks themselves, the HLA technique [10], 
[11], [12] can be used. HLAs, like MACs, are also some un- 
forgeable verification metadata that authenticate the integrity 
of a data block. The difference is that HLAs can be 
aggregated. It is possible to compute an aggregated HLA 
which authenticates a linear combination of the individual data 
blocks. At a high level, an HLA-based proof of storage system 
works as follow. The user still authenticates each element of F 
= {m h ■ ■ ■ , m„) by a set of HLAs <1>. The cloud server stores 
{F, 0}. The TPA verifies the cloud storage by sending a 
random set of challenge {vi}. (More precisely, F, <3> and {vi} 
are all vectors, so [v,] is an ordered set or {i, v,} should be 
sent). The cloud server then returns p = £ ; Vj • m i and an 
aggregated authenticator a (both are computed from F, 0 and 
[v;]) that is supposed to authenticate p. Though allowing 
efficient data auditing and consuming only constant 
bandwidth, the direct adoption of these HLA-based techniques 
is still not suitable for our purposes. This is because the linear 
combination of blocks, p = £j Vj ■ m i , may potentially reveal 
user data information to TPA, and violates the privacy 
preserving guarantee. Specifically, if an enough number of the 
linear combinations of the same blocks are collected, the TPA 
can simply derive the user’s data content by solving a system 
of linear equations. 

5.3 Privacy-preserving public auditing system 

Once if the group user needs to check correctness of the data 
stored in the cloud, the public auditing mechanism can be 
effectively implemented to achieve this task. Various public 
auditing protocols were implemented to do these tasks. To 
achieve privacy preserving we suggest the model which uses 
homo-morphic linear authenticator. This scheme follow the 
implementation process with the 

Setup Phase: The cloud user runs Key Gen to generate the 
public and secret parameters. Specifically, the user chooses a 
random signing key pair {spk, ssk ), a random x <— Z p , a 
random element u <— G\, and computes v <— g x . The secret 
parameter is sk = (x, ssk ) and the public parameters are pk = 
{spk, v, g, u, e( u, v)). 

Given a data file F = (mi m n ), the user runs SigGen to 

compute authenticator for each block nij : Oj <— (H(Wj) ■ u 
ni; ) x G Gl. Here W)= nameWi and name is chosen by the user 
uniformly at random from from Zp as the identifier of file F. 
Denote the set of authenticators by 4> = {oi}i<j< n . The last part 
of the sigGen is for ensuring the integrity of the unique file 
identifier name. 

For data storage correctness. Specifically, the server chooses 
a random element r <— Z p , and calculates R = e(u, v) 1 G G T . 
Let p ' denote the linear combination of sampled blocks 
specified in chal: p ' = £ iEI v,- m, . To blind p ' with r, the 
server computes: p = r+yp' mod p, where y = h(R) G Zp. 
Meanwhile, the server also calculates an aggregated 
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authenticator a = n i£I Oj V1 G It then sends {p, a, R} as the 
response proof of storage correctness to the TPA. 

The sequence of operations carried out at TPA 

1 . Retrieve file tag t, verify its Signature, and quit if fail; 

2. Generate a random challenge v,- m, and also a=n if = / 

<Tj V1 

3. {|i, a ,R}- >Storage correctness proof 

4. Compute y = h(R), and then verify {p, <r,R}. 

Operations in the middle 

{(i,Vj)}i^ I - challenge request chal 

The sequence of operations carried out at cloud server 

1. Compute p' — £,<= / . 

This operation is carried after executing step land 2 operations of 
TPA. 

2. Randomly pick r <— Zp, and h(R); 

3. Compute p = r + y p' mod p 

Then CS sends {p, a ,R} Storage correctness proof to TPA 

Finally the last step of operation in TPA gets executed for verification of 

storage correctness proof sent by cloud server.. 

Public Auditing process 

Audit Phase: The TPA first retrieves the file tag t. With 
respect to the mechanism we described in the setup phase, the 
TPA verifies the signature SSig Jjt - with Spk, and quits by 
emitting FALSE if the verification fails .otherwise TPA 
recovers name. To generate the challenge message for the 
audit “chal’", the TPA picks a random c-element subset I = { Si, 
. . . , s c } of set [1, n\. For each element i G I, the TPA also 
chooses a random value v, (of bit length that can be shorter 
than Ipl, as explained in [11]). The message “chal” specifies 
the positions of the blocks that are required to be checked. The 
TPA sends chal = {(i, v,)}iei to the server. 

Upon receiving challenge chal = { (i, v,)} i£I , the server runs 
Gen Proof to generate a response proof and new users can 
directly decrypt files stored in the cloud before their 
participation and by using homo-morphic linear authenticator 
TPA would not learn any knowledge about the data content 
stored on the cloud server during the efficient auditing 
process, which not only eliminates the burden of cloud user 
from the tedious and possibly expensive auditing task, but also 
alleviates the users" fear of their outsourced data leakage. 

6. TEST ANALYSIS 

To evaluate the performance of the cloud, testing its 
computation cost to respond different operations issued by 
client auditing requests. It can be assumed that the 
computation cost of the cloud is acceptable. In addition, it is 
worth noting that the computation cost is independent with the 
size of the requested audit for file to access and verify 
operations. 

7. CONCLUSION 

hi the current paper, we suggest a privacy preserving public 
auditing method. The cloud user’s wishes to check correctness 
of the data stored in the cloud, the public auditing mechanism 
can be effectively implemented to achieve this task. The HLA 


based scheme will be having fewer burdens on the server there by 
reducing the traffic and computation complexity by aggregating 
the HLAs. 
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